US5235642AExpiredUtility

Access control subsystem and method for distributed computer system using locally cached authentication credentials

99
Assignee: DIGITAL EQUIPMENT CORPPriority: Jul 21, 1992Filed: Jul 21, 1992Granted: Aug 10, 1993
Est. expiryJul 21, 2012(expired)· nominal 20-yr term from priority
H04L 9/3297G06F 2211/009G06F 2221/2151G06F 21/31G06F 2221/2141H04L 9/3215
99
PatentIndex Score
709
Cited by
6
References
9
Claims

Abstract

A distributed computer system has a number of computers coupled thereto at distinct nodes. The computer at each node of the distributed system has a trusted computing base that includes an authentication agent for authenticating requests received from principals at other nodes in the system. Requests are transmitted to servers as messages that include a first identifier provided by the requester and a second identifier provided by the authentication agent of the requester node. Each server process is provided with a local cache of authentication data that identifies requesters whose previous request messages have been authenticated. When a request is received, the server checks the request's first and second identifiers against the entries in its local cache. If there is a match, then the request is known to be authentic. Otherwise, the server node's authentication agent is called to obtain authentication credentials from the requester's node to authenticate the request message. The principal identifier of the requester and the received credentials are stored in a local cache by the server node's authentication agent. The server process also stores a record in its local cache indicating that request messages from the specified requester are known to be authentic, thereby expediting the process of authenticating received requests.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. In a distributed computer system having a multiplicity of interconnected computers, security apparatus comprising: a plurality of processes, each process running on one of said multiplicity of computers, said plurality of processes including requester processes and server processes;   secure channels connecting ones of said multiplicity of computers on which respective ones of said requester processes are running to second ones of said multiplicity of computers on which respective ones of said server processes are running; and   a multiplicity of authenticating agents, each running in a trusted computing base on a different one of said multiplicity of interconnected computers;   one of said multiplicity of authenticating agents, running on one of said multiplicity of computers having at least one server process running thereon, including: local cache means for maintaining data identifying previously authenticated requests from ones of said requester processes running on other ones of said multiplicity of interconnected computers; and   received request authenticating means for authenticating, on behalf of said at least one server process, a received request when data in said received request match said data maintained by said local cache means, for obtaining credentials authenticating said received request when said first data in said received request does not match said data maintained by said local cache means, and for enabling said at least one server process to process said received request only after said received request has been authenticated.     
     
     
       2. The security apparatus of claim 1, wherein each requester process includes means for generating a request and for initiating transmission of said request over one of said secure channels to a specified one of said server processes; and   each server process includes cache means for maintaining its own local cache of data identifying previously authenticated requests received by said server process; and   local authenticating means for authenticating a received request when said first data in said received request matches said data maintained by its own cache means, and for requesting authentication of said received request by said authentication agent running on the same computer as said server process when said data in said received request does not match said data maintained by its own cache means.     
     
     
       3. The security apparatus of claim 1, wherein said local cache means includes means for time limiting validity of said data identifying previously authenticated requests;   said received request authenticating means including means for not matching data in said received request match with invalid data in said local cache means.   
     
     
       4. In a distributed computer system having a multiplicity of interconnected computers, security apparatus comprising: a plurality of processes, each process running on one of said multiplicity of computers, said plurality of processes including requester processes and server processes;   secure channels connecting first ones of said multiplicity of computers on which respective ones of said requester processes are running to second ones of said multiplicity of computers on which respective ones of said server processes are running;   a plurality of authenticating agents, each running in a trusted computing base on a different one of said multiplicity of interconnected computers;   each requester process including means for generating a request and for initiating transmission of said request over one of said secure channels to a specified one of said server processes, said request including a first datum allegedly identifying a principal associated with said requester process;   each authenticating agent running on one of said multiplicity of interconnected computers having at least one requester process running thereon including: request processing means for adding a second datum to each request generated by a requester process running on the same one of said multiplicity of computers as said authenticating agent, wherein said second datum uniquely corresponds to said originating requester process; and   request authenticating means for authenticating that the first datum and second datum in a previously sent request are valid;     each authenticating agent running on one of said multiplicity of interconnected computers having at least one server process running thereon including: local cache means for maintaining data indicating said first datum and second datum in previously authenticated requests; and   received request authenticating means for (A) authenticating, on behalf of said at least one server process, a received request when said first datum and second datum in said received request match said data maintained by said local cache means, (B) obtaining authentication of said received request from said authenticating agent running on the same computer as the requester process that sent said received request when said first datum and second datum in said received request do not match said data maintained by said local cache means, and (C) enabling said at least one server process to process said received request only after said received request has been authenticated.     
     
     
       5. The security apparatus of claim 4, wherein each server process includes cache means for maintaining its own local cache of data indicating said first datum and second datum in previously authenticated requests received by said server process; and   local authenticating means for authenticating a received request when said first datum and second datum in said received request match said data maintained by its own cache means, and for requesting authentication of said received request by said authentication agent running on the same computer as said server process when said first datum and second datum in said received request do not match said data maintained by its own cache means.     
     
     
       6. The security apparatus of claim 4, wherein said local cache means includes means for time limiting validity of said data identifying previously authenticated requests;   said received request authenticating means including means for not matching data in said received request match with invalid data in said local cache means.   
     
     
       7. A method of operating a distributed computer system having a multiplicity of interconnected computers, the steps of the method comprising: running requester processes on at least a first subset of said multiplicity of computers and running server on at least a second subset of said multiplicity of computers;   interconnecting with secure channels first ones of said multiplicity of computers on which respective ones of said requester processes are running to second ones of said multiplicity of computers on which respective ones of said server processes are running;   establishing authenticating agents within a trusted computing base on each one of said multiplicity of computers;   said requester processes each generating requests and initiating transmission of said requests over ones of said secure channels to specified ones of said server processes, said requests each including a first datum allegedly identifying a principal associated with said each requester process;   said authenticating agents adding to each request generated by said requester processes a second datum uniquely corresponding to the one of said requester processes which generated said each request; and   those of said authenticating agents established on ones of said multiplicity of computers having at least one server process running thereon (A) maintaining a local cache of data indicating said first datum and second datum in previously authenticated requests received by said at least one server process, and (B) authenticating, on behalf of said at least one server process, a received request when said first datum and second datum in said received request match said data in said local cache, (C) obtaining authentication of said received request, from said authenticating agent established on the computer running the requester process that sent said received request, when said first datum and second datum in said received request do not match said data maintained by said local cache means, and (D) for enabling said at least one server process to process said received request only after said received request has been authenticated.   
     
     
       8. The method of claim 7, each server process maintaining its own local cache of data indicating said first datum and second datum in previously authenticated requests received by said server process; and   each server process self-authenticating a received request when said first datum and second datum in said received request match said data maintained by its own cache means, and requesting authentication of said received request by said authentication agent running on the same computer as said server process when said first datum and second datum in said received request do not match said data maintained by its own cache means.   
     
     
       9. The method of claim 7, said authentication agents time limiting validity of said data maintained in said local cache for each said previously authenticated request;   said authentication agents for not authenticating, on behalf of said at least one server process, a received request when said first datum and second datum in said received request match invalid data in said local cache.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.